NSA urges businesses to adopt zero trust for network security

US intelligence agency lays out security steps IT admins should take to protect their infrastructure from threats.

The National Security Agency this week detailed recommendations for businesses to secure their network infrastructure against attacks, giving safe configuration tips for commonly used networking protocols and urging the use of basic security measures for all networks.

The NSA's report highlighted the importance of zero trust principles for network security, but the bulk of it covers specific steps network administrators should take to keep their infrastructure safe from compromise. Configuration tips for network admins include the use of secure, frequently changed passwords for all administrative accounts, limiting login attempts, and keeping potentially vulnerable systems patched and up-to-date. The report also describes safe configurations for SSH (secure shell), HTTP and SNMP (simple network management protocol).

"Improper configuration, incorrect handling of configurations, and weak encryption keys can expose vulnerabilities in the entire network," the report said. "All networks are at risk of compromise, especially if devices are not properly configured and maintained."

The NSA also recommended the use of network access control systems as an extra layer of security for enterprise networks. The idea is to implement a robust system for identifying individual devices on a network, since port security can be difficult to manage and tracking connected devices via MAC address can be circumvented by an attacker.

The NSA also highlighted the use of centralized authorization, authentication and accounting (AAA) servers as a strong security measure. Centralized AAA helps avoid the use of potentially vulnerable legacy authentication technologies, since it doesn't rely on credentials stored on connected devices, which can be relatively simple to compromise. Doubling up on deployment of AAA servers—which handle requests for system resources—provides a level of redundancy and can help detect and prevent malicious activity more easily, according to the agency.
